As enterprises rely more and more heavily on computers and electronic transactions for their daily business, there is an increasing demand for technologies that can secure these systems, their applications, and their associated digital content from unauthorized use and distribution. A “licensed application” may be considered to be an application that is meant to be protected from unauthorized use and distribution; “protected content” is digital data that is desired to be similarly secured. Unlike the mechanical engines and material outputs of physical systems, it is difficult to secure applications and digital content because both are easily copied, altered, distributed, and ultimately misused.
For purposes of discussion, a “license” comprises the authorized rights of an end user with respect to the protected material. A license often comprises a use agreement and one or more digital values that help enforce the terms of that agreement. The term “license file” is used herein to distinguish these digital values from the more general notion of an end-user's rights, though the tangible form of said values and their associated authorizations need not be a traditional computer file. Furthermore, the protected material may be encrypted.
License files are used by industry as part of the runtime authorization mechanisms used to enforce use agreements on an end user's system and ultimately to thwart piracy. The focused goal of piracy is license subversion: the successful execution of a licensed application, a licensed application module, or an application manipulating protected content without a valid license. In some application domains, the license enforcement system is also called an authorization system, and the goal of license subversion is to bypass the runtime authorization mechanisms. Conversely, the goal of those in the domain of software protection is runtime license enforcement.
The practice of runtime license enforcement commonly involves an application module, a license file, and two additional software entities that together comprise the actual, software-based license enforcement system. (Although it is possible to build hardware-based license enforcement systems, such systems are rare because they require specialized memory or processing resources that are not generally or widely available.)
FIG. 1 is a block diagram illustrating the relationship between the four entities typically involved in license enforcement.
The application module A 2 in FIG. 1 may be a piece of a larger application, or it may comprise the entire application. The license file L 10 authorizes an end user to execute the application module A 2(i.e., as a licensed application), or it may enable the application module A 2 to access or manipulate protected content in a data file (not shown).
The challenge system C 6 provides mechanisms for controlling execution of the application module A 2. It interacts with the response system R 8 to verify that an end user has the right to execute the application module A 2, and it prevents further program execution whenever authorization fails.
The response system R 8 reacts to a verification request from the challenge system C 6 by reading, validating, or in some way interacting with the license file L 10. Effective, software-based license enforcement systems generally contain all of the logical components illustrated in FIG. 1.
The challenge system C 6 and the response system R 8 together make up the license enforcement system 4, also called an authorization system.
It should be emphasized that FIG. 1 is a conceptual representation of the entities involved in runtime license enforcement. In particular, application module A 2 should be viewed as the set of bits that implement all of the required functionality of A, except for that functionality required for protection from software piracy. In other words, application module A 2 does not include any capability for reading, validating, or more generally interacting with the license file L 10, nor does it have the capacity to affect its own execution based on the result of license validation.